Utilizing Machine Learning for BOTNET Detection
Principal Data Scientist/Researcher at Verint
A botnet is a collection of compromised machines (bots) infected by malicious software (malware) that allows them to be controlled remotely by a botmaster through a Command-and-Control (C&C) server to perform automated tasks, such as launching large-scale Distributed Denial of Service (DDoS) attacks on other computers, sending spam, performing click fraud, extortion, and identity theft. Botnet malware is often designed to run in the background so that users are unaware their systems are infected, and it gives its operator control of many bots at once. This enables botnet operators to use computing and bandwidth resources across many different networks for malicious activities. Botnets with thousands or millions of nodes have been observed in the wild, with new ones being observed every day. Various techniques are used to infect computers so they become bots, including luring users into downloading malware, exploiting Internet browser vulnerabilities, and tricking users into loading malware.
To date, techniques to counter botnet-related attacks have predominantly been reactive: they mainly focus on monitoring network traffic, anomaly detection, and cyber-attack traffic patterns. In my talk I will present some of the latest state-of-the-art machine learning based approaches for botnet detection in academia and in the cyber-security industry, outlining their characteristics, performance, and limitations. I will discuss the challenges of using machine learning to identify botnet traffic and outline possibilities for the future development of machine learning-based botnet detection systems.